Re: Internet link failover

Thanks - Both lines are plugged directly into the pix, and our router just has a default route pointing to the inside interface of the pix (ex. ip route 0.0.0.0 0.0.0.0 192.168.2.2) And sorry - having the word "outside" in both those lines was a typo on my part!

Re: Internet link failover

If the interface connecting from to your pix is private, just put your networks pointing to that interface on the pix.

ex. ip route 172.16.0.0 255.255.0.0 192.168.2.2

and possibly

ip route 192.168.0.0 255.255.0.0 192.168.2.2

I hope you get the idea.... Make the routes going to your pix more specific.

Then on the pix make sure your default route is pointing to the correct interface. Like in the previous post. And make sure you have an NAT statement going out that interface. You can use the same one that you had going out your outside. (make the new interface looks almost the same as the outside interface)

Re: Internet link failover

Sure - yes, the line is a Verizon fios fiber optic line (15Mbs) comes into a dlink router which then plugs into ethernet5 on the pix. From the pix I can ping the provider, but can't ping the provider from anywhere behind the pix, hence, I can't get the web traffic to use that link.

Re: Internet link failover

Ok - I am going to back up and start from scratch here - I think I may have not explained this very well. I have:

1 T1 (A.A.A.A) terminated at a 1721 then plugged into ethernet0 (if_name outside). Works fine.

1 new Veriszon 15Mb fios fiber optic line (B.B.B.B) terminated at a DLink router then plugged into ethernet3 on the pix (if_name Internet).

I want to be able to use the fiber optic line (B.B.B.B) for internet traffic while keeping the T1 (A.A.A.A) as a standby in case the fiber optic line goes down

My problem is no matter what I try I can't get traffic to flow over the fiber optic line. I know it's working because I can connect directly to the fiber optic line and get out to the net. I am attaching the config for my pix. Take a look and let me know what I need to do to get this to work. Thanks!

Re: Internet link failover

Ok - still not working when I do that but I think I see why. I cannot ping from b.b.b.4 to b.b.b.3 even though I have a cable going from one to the other on the other side of the room, green lights on both ends and an up/up on the interface on the pix. Whats missing here?

Also - the 'track' command is an unknown on my pix - is that a later version command?

Re: Internet link failover

Ugh - if wasn't bald I'd be pulling my hair out. Tried the above, still no go. It's got to be something simple that I am missing. Now, can I tell the pix to only use that link for http/https traffic and everthing else continue to use the old link? Would that make this easier? I still have to figure out why I can't ping the dlink from the pix.

Re: Internet link failover

I had a continuous ping going to google while I made the change and it dropped as soon as I added the route Internet 0.0.0.0 0.0.0.0 b.b.b.3 1 command. I had to revert to the original config and have to refrain from testing here for a while - the office is getting ticked off at me. I will tackle this again tonight. I am thinking a restart of the dlink and pix.

We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...
view more